Coldfusion: Encrypting and Decrypting Data
Sometimes it is necessary and/or standard procedures to encrypt data when storing in a database from online forms. A quick example that come to my mind, that I have encrypted would be passwords. As a developer, you should find it necessary to encrypt confidential data in databases. Just because you have the standard SSL for https encyrption of information flowing from browser to server, you should still have it in policy to encrypt the data stored on the server. Now, there is some data that just should NOT be stored in any database, SSN and Credit Card numbers come to mind.
I use Adobe Coldfusion as my development platform for all my web applications. Utlizing it's encryption functionality is a must. What encrypt does is, takes a string of text, and using a specific algorithm and encoding method, encrypts it. Likewise, decrypt takes that encrypted string and decrypts it back to the original string, keeping the data secure on the server.
First, I set some parameters to use with the process. These paramets could be stored in the application.cfm file, or on the actual page used. For more information on the parameters used and the options for each, please visit http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functions_e-g_01.html
<cfparam name="MyKey" default="JC2HI71J8UR548CSDD1SDSDJ455LN9P"> <cfparam name="myAlgorithm" default="CFMX_COMPAT"> <cfparam name="myEncoding" default="Base64">
Encryption and Decryption Sample Code:
Below is the sample code for using the parameters above with the field that is submitted from the HTML form. This sample reflects both the encryption and decryption syntax.
<cfscript> /* GenerateSecretKey does not generate key for the CFMX_COMPAT algorithm, so use the key from the form. */ if (myAlgorithm EQ "CFMX_COMPAT") theKey=MyKey; // For all other encryption techniques, generate a secret key. else theKey=generateSecretKey(myAlgorithm); //Encrypt the string encrypted=encrypt(myString, theKey, myAlgorithm, myEncoding); //Decrypt it decrypted=decrypt(encrypted, theKey, myAlgorithm, myEncoding); </cfscript>
Below is just a single form field, being used as the sample to pass the string to the routine above.
<cfform action="?testit=yes" method="post"> TEXT: <cfinput type="text" name="mystring" size="20" maxlength="20"> <input type="submit" value="Submit"> </cfform>
below is a basic <cfoutput> with the output results from the encryption and decryption routine above.
<cfoutput> MyString: #mystring# <br> Encrypted: #encrypted# <br> Decrypted: #decrypted# </cfoutput>
Other ColdFusion Articles
- Adobe Coldfusion Tip For Finding Duplicate Records In SQL Database
- Coldfusion: allowing max file size when uploading
- ColdFusion: Monitor Hard Drive Space And Email Alert
- Coldfusion SQL Tips: Creating Tables, Backup, Fields
- Coldfusion Programming: Accessing a shared network drive
- Coldfusion: Encrypting and Decrypting Data
- Adobe Coldfusion Help: Query To Spreadsheet
- ColdFusion: Upload a pipe delimited file and insert into SQL table
- Coldfusion programming: How to submit muliple records at the same time that have the same field name
- How To Upload Multiple Files With ColdFusion